Malware implants on Cisco routers revealed to be more widespread

Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation. Last Tuesday, FireEye subsidiary Mandiant warned about new attacks that replace the firmware on integrated services routers from Cisco Systems. The rogue firmware provides attackers with persistent backdoor access and the ability to install custom malware modules. At the time Mandiant said that it had found 14 routers infected with the backdoor, dubbed SYNful Knock, in four countries: Mexico, Ukraine, India and the Philippines. The affected models were Cisco 1841, 2811 and 3825, which are no longer being sold by the networking vendor.To read this article in full or to leave a comment, please click here

iOS 9 breaks VPNs and prevents server access for many

Apple's iOS 9 has several features meant to increase its strong enterprise-grade security. But it also breaks a key security method: VPN connections to some corporate servers. As a result, users won't be able to access some servers over some VPN connections -- but they'll be able to access other servers with no problem. The bug appeared in iOS 9's beta. It was not fixed in the final version of iOS 9, and it is not fixed in the current beta of iOS 9.1.[ InfoWorld's Mobile Security Deep Dive. Download it today in your choice of PDF or ePub editions! | Keep up on key mobile developments and insights with the Mobile Tech Report newsletter. ] Here's what Cisco has reported about the bug:To read this article in full or to leave a comment, please click here

New products of the week 09.21.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Live Segments Key features: improves the process for both segmenting large promotional email lists and implementing behavioral data to create personalized communications, while automating the labor intensive processes around segmentation, data analysis and product recommendations. More info.To read this article in full or to leave a comment, please click here

New products of the week 09.21.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Live Segments Key features: improves the process for both segmenting large promotional email lists and implementing behavioral data to create personalized communications, while automating the labor intensive processes around segmentation, data analysis and product recommendations. More info.To read this article in full or to leave a comment, please click here

The Hyperconverged Reality of Tomorrow

For a while now we’ve been hearing a lot of buzz about hyperconverged systems and we’ve been following it closely. We think what’s missing from these conversations is how critical the network is to the sustained success of these systems.

In our quest to build a simply better network, our key focus is on how to truly hyperconverge the network. And we do it by combining the latest in Ethernet switching with optical multiplexing to create a high performance, resilient, low latency and scalable data center network fabric. Unlike traditional leaf/spine approaches, Plexxi Switches are deployed as a single tier, eliminating cost and complexity while vastly reducing operational overhead so the enterprise can build true fabric agility to support the dynamic workload needs of hyperconverged nodes.

At VMWorld, Mat Matthews pointed out in his 5 Key Takeaways blog that hyperconverged solution providers are zoning in on the simplification of the consumption process around infrastructure. The silos are gone. Providers are recognizing that customers want to get new workloads up and running quickly without having to deal with getting storage, compute and networking to work together.

This is good news all around. We are seeing the realization that the network has Continue reading

Indian draft rules on encryption could compromise privacy, security

India's government is trying to ensure that its law enforcement agencies have easy access to encrypted information, but it could be compromising security and privacy in the process. A draft policy on encryption issued by the Indian government aims to keep a check on the use of the technology by specifying the algorithms and the length of the encryption keys used by different categories of people. Consumers will also be required to store the plain texts of encrypted information for 90 days from the date of a transaction and provide the text to agencies when required under the laws of the country.To read this article in full or to leave a comment, please click here

Apple brings down malware-infected apps from store

Apple has brought down a large number of apps from its store after it was found that around 40 iOS apps had been infected by a modified version of the company's software for developers.Christine Monaghan, an Apple spokeswoman, told news outlets that the company removed apps from the App Store that it knows have been created with the counterfeit software, to protect its customers.Palo Alto Networks reported last week that a new malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.To read this article in full or to leave a comment, please click here

DHS CISO: Revoke security clearance of feds who keep falling for phishing scams

Numerous federal agencies rely on legacy systems that have security bolted on as an afterthought instead of security “being deeply embedded” in the systems. It is unsurprising that such older hardware, software and operating systems are vulnerable to intrusions. But sometimes security problems have more to do with human vulnerabilities – stupid PEBKAC and ID10T errors committed by the person behind the keyboard – than legacy systems. If the same people who handle sensitive government information also keep falling for phishing scams, should they have their security clearance revoked? Indeed they should, according to DHS chief security officer Paul Beckman.To read this article in full or to leave a comment, please click here

Merchant Processes and CID/CVV2

I recently received a letter from the company that monitors my home alarm. It basically stated that to avoid a $3US surcharge that I must opt out of receiving bill in the mail (which is fine) and that I must set up automatic transactions.  I also found this form attached.

Merchant Form

This is not the first time that I have seen a payment option that includes a requirement for the CVV2  or CID value from my credit card. However with a little knowledge of PCI, I have to ask myself the following question, “What exactly are they going to do with this information?” According to PCI-DSS, this information must not be stored (even in an encrypted format) after authorization.

That raises the following questions for the merchant requiring this information–

  1. Is this truly only for the first transaction authorization and the physical form will be securely destroyed?
  2. In this particular case, this is for a monthly transaction. So their relationship with their provider is such that CID/CVV is optional (and not used) for secondary transactions?
  3. Or is this information being stored, electronically or physically, allowing for the possibility of later transactions?

In this Continue reading

How to map OpenFlow switch TCP ports in Mininet SDN simulations

When testing SDN functions in the Mininet network emulator and viewing captured OpenFlow messages in a packet analyzer such as Wireshark, it is difficult to identify which SDN switch is the source or destination of each captured message.

The only reliable way to identify which SDN switch sent or received an OpenFlow message is to look at the source or destination TCP port of the OpenFlow packets. This is because most OpenFlow messages exchanged between switches and the controller do not contain any other information that helps identify the sending or receiving switch. Neither Mininet nor the Open vSwitch database provides information that might be used to identify the TCP ports used by each switches to communicate with the OpenFlow controller in the network.

This post describes a procedure to map which TCP ports are used on each switch to communicate with the SDN controller in the Mininet network simulation. This procedure will enable researchers or students to study the interactions between SDN controller and switches in a more detailed and accurate way.

Summary of procedure

To map which TCP ports are used on each switch to communicate with the SDN controller in the Mininet network simulation, execute the steps Continue reading

Site Upgrades for September 2015

First, I want to apologize for not doing my job. Over the past couple years I’ve let this site become slightly stagnant. I won’t attempt to make excuses, but I will say that I’m in a much better place now. Hopefully inspiration will continue to strike, and I will continue to put pen to paper… or finger to keyboard?

2015-09-18 at 8.52 PMOver the past couple weeks I’ve put a fair amount of time and monetary resources into RouterJockey. I’ve fixed quite a few CSS bugs, without hopefully creating more. I purchased an SSL certificate and moved the site to HTTPS, which helps me more than it really does you… but in doing so, I’ve also enabled SPDY 3.1. SPDY should help load times, but Nginx was already doing a pretty good job. Oh, in order to get SPDY up to 3.1 I was forced to migrate away from the Ubuntu repo for Nginx.. but that’s not a huge deal.

I’ve also spent some time redesigning the menu bar, adding new links, removing some useless ones, and writing an all new disclaimer. Please be sure to read and understand everything posted on that page before attempting to read any of my Continue reading

Some notes on NSA’s 0day handling process

The EFF got (via FOIA) the government's official policy on handling/buying 0days. I thought I'd write up some notes on this, based on my experience. The tl;dr version of this post is (1) the bits they redacted are the expected offensive use of 0days, and (2) there's nothing surprising in the redacted bits.


Before 2008, you could sell 0days to the government many times, to different departments ranging from the NSA to Army to everybody else. These government orgs would compete against each other to see who had the biggest/best cyber-arsenal.

In 2008, there came an executive order to put a stop to all this nonsense. Vuln sellers now only sold 0days once to the government, and then the NSA would coordinate them with everyone else.

That's what this "VEP" (Vuln Equities Process) document discusses -- how the NSA distributes vulnerability information to all the other "stakeholders".

I use "stakeholders" loosely, because there are a lot of government organizations who feel entitled to being part of the 0day gravy train, but who really shouldn't be. I have the impression the NSA has two processes, the real one that is tightly focused on buying vulns and deploying them in the field, Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 9/18/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Ajay Edara, CCIE #36424 (R&S & Wireless)
  • Shiv Shankar, CCIE #43675 (Routing & Switching)
  • Andy Harrison, CCIE #50052 (Routing & Switching)
  • Mike Burk, CCIE #50207 (Wireless)
  • Tony Ilorah, CCIE #50210 (Security)
  • Ahmad Nawid Azizi, CCIE #50254 (Routing & Switching)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

1 3,306 3,307 3,308 3,309 3,310 3,832